From 9294d031c89e9147ff26273b24daae2fc8527ef8 Mon Sep 17 00:00:00 2001 From: trickest-workflows Date: Thu, 24 Feb 2022 06:25:34 +0000 Subject: [PATCH] Update Thu Feb 24 06:25:34 UTC 2022 --- 2009/CVE-2009-2663.md | 17 +++++++++++++++++ 2014/CVE-2014-8664.md | 17 +++++++++++++++++ 2017/CVE-2017-1000491.md | 17 +++++++++++++++++ 2019/CVE-2019-11358.md | 1 + 2019/CVE-2019-6551.md | 17 +++++++++++++++++ 2020/CVE-2020-27662.md | 1 + 2020/CVE-2020-27663.md | 1 + 2021/CVE-2021-21255.md | 17 +++++++++++++++++ 2021/CVE-2021-21324.md | 17 +++++++++++++++++ 2021/CVE-2021-21326.md | 17 +++++++++++++++++ 2021/CVE-2021-29436.md | 17 +++++++++++++++++ 2021/CVE-2021-41139.md | 17 +++++++++++++++++ 2021/CVE-2021-41156.md | 17 +++++++++++++++++ 2021/CVE-2021-43851.md | 17 +++++++++++++++++ 2022/CVE-2022-25329.md | 20 ++++++++++++++++++++ 2022/CVE-2022-25330.md | 20 ++++++++++++++++++++ 2022/CVE-2022-25331.md | 20 ++++++++++++++++++++ github.txt | 31 ++++++++++++++++++++++++++++--- references.txt | 7 +++++++ 19 files changed, 285 insertions(+), 3 deletions(-) create mode 100644 2009/CVE-2009-2663.md create mode 100644 2014/CVE-2014-8664.md create mode 100644 2017/CVE-2017-1000491.md create mode 100644 2019/CVE-2019-6551.md create mode 100644 2021/CVE-2021-21255.md create mode 100644 2021/CVE-2021-21324.md create mode 100644 2021/CVE-2021-21326.md create mode 100644 2021/CVE-2021-29436.md create mode 100644 2021/CVE-2021-41139.md create mode 100644 2021/CVE-2021-41156.md create mode 100644 2021/CVE-2021-43851.md create mode 100644 2022/CVE-2022-25329.md create mode 100644 2022/CVE-2022-25330.md create mode 100644 2022/CVE-2022-25331.md diff --git a/2009/CVE-2009-2663.md b/2009/CVE-2009-2663.md new file mode 100644 index 0000000000..f47fbc1a6a --- /dev/null +++ b/2009/CVE-2009-2663.md 
@@ -0,0 +1,17 @@ +### [CVE-2009-2663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. + +### POC + +#### Reference +- https://bugzilla.redhat.com/show_bug.cgi?id=516259 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-8664.md b/2014/CVE-2014-8664.md new file mode 100644 index 0000000000..79fc1f1638 --- /dev/null +++ b/2014/CVE-2014-8664.md @@ -0,0 +1,17 @@ +### [CVE-2014-8664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8664) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. + +### POC + +#### Reference +- http://service.sap.com/sap/support/notes/0001810405 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-1000491.md b/2017/CVE-2017-1000491.md new file mode 100644 index 0000000000..f6adceedc5 --- /dev/null +++ b/2017/CVE-2017-1000491.md 
@@ -0,0 +1,17 @@ +### [CVE-2017-1000491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000491) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. + +### POC + +#### Reference +- https://github.com/rhysd/Shiba/issues/42 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 0bcab62295..78a1b7b4e8 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -176,6 +176,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Chickenados/8628-FreightFrenzy - https://github.com/Chuvxjr/Phanton_FtcRobotController - https://github.com/ChuyChugh/ftc-2021 +- https://github.com/Cl0ck21/2021-2022FIxed - https://github.com/Cl0ck21/CrowForce2021-2022 - https://github.com/Cl0ck21/HAL9001D-master - https://github.com/ClashOfCoders/UltimateGoal-2020-2021 diff --git a/2019/CVE-2019-6551.md b/2019/CVE-2019-6551.md new file mode 100644 index 0000000000..4038938ffc --- /dev/null +++ b/2019/CVE-2019-6551.md 
@@ -0,0 +1,17 @@ +### [CVE-2019-6551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6551) +![](https://img.shields.io/static/v1?label=Product&message=Pangea%20Communications%20Internet%20FAX%20ATA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=AUTHENTICATION%20BYPASS%20USING%20AN%20ALTERNATE%20PATH%20OR%20CHANNEL%20CWE-288&color=brighgreen) + +### Description + +Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. + +### POC + +#### Reference +- http://www.securityfocus.com/bid/107031 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-27662.md b/2020/CVE-2020-27662.md index c63c6e739b..fee9cb02cd 100644 --- a/2020/CVE-2020-27662.md +++ b/2020/CVE-2020-27662.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/hectorgie/PoC-in-GitHub +- https://github.com/indevi0us/indevi0us diff --git a/2020/CVE-2020-27663.md b/2020/CVE-2020-27663.md index 3e4e9bb109..b69d3fb84f 100644 --- a/2020/CVE-2020-27663.md +++ b/2020/CVE-2020-27663.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/hectorgie/PoC-in-GitHub +- https://github.com/indevi0us/indevi0us diff --git a/2021/CVE-2021-21255.md b/2021/CVE-2021-21255.md new file mode 100644 index 0000000000..827d300f07 --- /dev/null +++ b/2021/CVE-2021-21255.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-21255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21255) +![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/indevi0us/indevi0us + diff --git a/2021/CVE-2021-21324.md b/2021/CVE-2021-21324.md new file mode 100644 index 0000000000..b8eb66f065 --- /dev/null +++ b/2021/CVE-2021-21324.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-21324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21324) +![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the ability to enumerate GLPI items names (including users logins) using the knowbase search form (requires authentication). To Reproduce: Perform a valid authentication at your GLPI instance, Browse the ticket list and select any open ticket, click on Solution form, then Search a solution form that will redirect you to the endpoint /"glpi/front/knowbaseitem.php?item_itemtype=Ticket&item_items_id=18&forcetab=Knowbase$1", and the item_itemtype=Ticket parameter present in the previous URL will point to the PHP alias of glpi_tickets table, so just replace it with "Users" to point to glpi_users table instead; in the same way, item_items_id=18 will point to the related column id, so changing it too you should be able to enumerate all the content which has an alias. Since such id(s) are obviously incremental, a malicious party could exploit the vulnerability simply by guessing-based attempts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/indevi0us/indevi0us + diff --git a/2021/CVE-2021-21326.md b/2021/CVE-2021-21326.md new file mode 100644 index 0000000000..57e2d5e87a --- /dev/null +++ b/2021/CVE-2021-21326.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-21326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21326) +![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/indevi0us/indevi0us + diff --git a/2021/CVE-2021-29436.md b/2021/CVE-2021-29436.md new file mode 100644 index 0000000000..8037c64c9a --- /dev/null +++ b/2021/CVE-2021-29436.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-29436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29436) +![](https://img.shields.io/static/v1?label=Product&message=timetracker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=%7B%22CWE-352%22%3A%22Cross-Site%20Request%20Forgery%20(CSRF)%22%7D&color=brighgreen) + +### Description + +Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed(). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/indevi0us/indevi0us + diff --git a/2021/CVE-2021-41139.md b/2021/CVE-2021-41139.md new file mode 100644 index 0000000000..72273d3583 --- /dev/null +++ b/2021/CVE-2021-41139.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-41139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41139) +![](https://img.shields.io/static/v1?label=Product&message=timetracker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible to craft the URI with malicious JavaScript, use social engineering to convince logged on user to click on such link, and have the attacker-supplied JavaScript to be executed in user's browser. This issue is patched in version 1.19.30.5600. As a workaround, one may introduce `ttValidDbDateFormatDate` function as in the latest version and add a call to it within the access checks block in time.php. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/indevi0us/indevi0us + diff --git a/2021/CVE-2021-41156.md b/2021/CVE-2021-41156.md new file mode 100644 index 0000000000..6f15a35272 --- /dev/null +++ b/2021/CVE-2021-41156.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-41156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41156) +![](https://img.shields.io/static/v1?label=Product&message=timetracker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft an html form with malicious JavaScript, use social engineering to convince logged on users to execute a POST from such form, and have the attacker-supplied JavaScript to be executed in user's browser. This has been patched in version 1.19.30.5600. Upgrade is recommended. If it is not practical, introduce ttValidDbDateFormatDate function as in the latest version and add a call to it within the access checks block. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/indevi0us/indevi0us + diff --git a/2021/CVE-2021-43851.md b/2021/CVE-2021-43851.md new file mode 100644 index 0000000000..8a7f841b78 --- /dev/null +++ b/2021/CVE-2021-43851.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-43851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43851) +![](https://img.shields.io/static/v1?label=Product&message=timetracker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/indevi0us/indevi0us + diff --git a/2022/CVE-2022-25329.md b/2022/CVE-2022-25329.md new file mode 100644 index 0000000000..1ae0e73bb8 --- /dev/null +++ b/2022/CVE-2022-25329.md 
@@ -0,0 +1,20 @@ +### [CVE-2022-25329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25329) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20EMC%20Celerra&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Microsoft%20Windows%20%2F%20Novell%20NetWare&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Network%20Appliance%20Filers&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Storage&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Static%20Credential&color=brighgreen) + +### Description + +Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. + +### POC + +#### Reference +- https://www.tenable.com/security/research/tra-2022-05 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-25330.md b/2022/CVE-2022-25330.md new file mode 100644 index 0000000000..b130c7251a --- /dev/null +++ b/2022/CVE-2022-25330.md 
@@ -0,0 +1,20 @@ +### [CVE-2022-25330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25330) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20EMC%20Celerra&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Microsoft%20Windows%20%2F%20Novell%20NetWare&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Network%20Appliance%20Filers&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Storage&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20Integer%20Overflow&color=brighgreen) + +### Description + +Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. + +### POC + +#### Reference +- https://www.tenable.com/security/research/tra-2022-05 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-25331.md b/2022/CVE-2022-25331.md new file mode 100644 index 0000000000..af63b49d49 --- /dev/null +++ b/2022/CVE-2022-25331.md 
@@ -0,0 +1,20 @@ +### [CVE-2022-25331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25331) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20EMC%20Celerra&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Microsoft%20Windows%20%2F%20Novell%20NetWare&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Network%20Appliance%20Filers&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Trend%20Micro%20ServerProtect%20for%20Storage&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20DoS&color=brighgreen) + +### Description + +Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. + +### POC + +#### Reference +- https://www.tenable.com/security/research/tra-2022-05 + +#### Github +No PoCs found on GitHub currently. + diff --git a/github.txt b/github.txt index 1cb5a2e10e..ef546ae04d 100644 --- a/github.txt +++ b/github.txt 
@@ -18975,6 +18975,14 @@ CVE-2018-16782 - https://github.com/ZhengMinghui1234/enfuzzer CVE-2018-16794 - https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups CVE-2018-16807 - https://github.com/mxmssh/manul CVE-2018-16809 - https://github.com/p1ay8y3ar/cve_monitor +CVE-2018-16823 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-16824 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-16825 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-16826 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-16827 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-16828 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-16829 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-16830 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-16831 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-16836 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-16839 - https://github.com/KorayAgaya/TrivyWeb @@ -19158,12 +19166,14 @@ CVE-2018-17359 - https://github.com/revl-ca/scan-docker-image CVE-2018-17360 - https://github.com/phonito/phonito-vulnerable-container CVE-2018-17360 - https://github.com/revl-ca/scan-docker-image CVE-2018-17418 - https://github.com/0xT11/CVE-POC +CVE-2018-17424 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-17427 - https://github.com/ZhengMinghui1234/enfuzzer CVE-2018-17431 - https://github.com/0xT11/CVE-POC CVE-2018-17431 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-17431 - https://github.com/Elsfa7-110/kenzer-templates CVE-2018-17431 - https://github.com/Fadavvi/CVE-2018-17431-PoC CVE-2018-17431 - https://github.com/sobinge/nuclei-templates +CVE-2018-17453 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-17456 - https://github.com/0xT11/CVE-POC CVE-2018-17456 - https://github.com/AnonymKing/CVE-2017-1000117 CVE-2018-17456 - https://github.com/AnonymKing/CVE-2018-17456 
@@ -19212,6 +19222,7 @@ CVE-2018-17774 - https://github.com/404notf0und/CVE-Flow CVE-2018-17780 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-17780 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-1782 - https://github.com/rmadamson/rmadamson +CVE-2018-17853 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-17854 - https://github.com/ZhengMinghui1234/enfuzzer CVE-2018-17873 - https://github.com/0xT11/CVE-POC CVE-2018-17900 - https://github.com/center-for-threat-informed-defense/attack_to_cve @@ -19240,6 +19251,7 @@ CVE-2018-18026 - https://github.com/0xT11/CVE-POC CVE-2018-18026 - https://github.com/DownWithUp/CVE-2018-18026 CVE-2018-18026 - https://github.com/DownWithUp/CVE-Stockpile CVE-2018-18064 - https://github.com/revl-ca/scan-docker-image +CVE-2018-18067 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-18069 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-18069 - https://github.com/Elsfa7-110/kenzer-templates CVE-2018-18069 - https://github.com/sobinge/nuclei-templates @@ -19266,6 +19278,7 @@ CVE-2018-18384 - https://github.com/revl-ca/scan-docker-image CVE-2018-18384 - https://github.com/ronomon/zip CVE-2018-18387 - https://github.com/0xT11/CVE-POC CVE-2018-18387 - https://github.com/TheeBlind/CVE-2018-18387 +CVE-2018-18421 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-18439 - https://github.com/f-secure-foundry/advisories CVE-2018-18440 - https://github.com/f-secure-foundry/advisories CVE-2018-18472 - https://github.com/odolezal/notes 
@@ -19282,8 +19295,11 @@ CVE-2018-18500 - https://github.com/alphaSeclab/sec-daily-2019 CVE-2018-18500 - https://github.com/sophoslabs/CVE-2018-18500 CVE-2018-18520 - https://github.com/flyrev/security-scan-ci-presentation CVE-2018-18521 - https://github.com/flyrev/security-scan-ci-presentation +CVE-2018-18522 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-18523 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-18531 - https://github.com/PuZhiweizuishuai/community CVE-2018-18531 - https://github.com/livehub-root/livehub-java +CVE-2018-18549 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-18556 - https://github.com/mirchr/security-research CVE-2018-18557 - https://github.com/revl-ca/scan-docker-image CVE-2018-18570 - https://github.com/ARPSyndicate/kenzer-templates @@ -24062,6 +24078,7 @@ CVE-2019-11358 - https://github.com/ChathamRobotics/cougars22 CVE-2019-11358 - https://github.com/Chickenados/8628-FreightFrenzy CVE-2019-11358 - https://github.com/Chuvxjr/Phanton_FtcRobotController CVE-2019-11358 - https://github.com/ChuyChugh/ftc-2021 +CVE-2019-11358 - https://github.com/Cl0ck21/2021-2022FIxed CVE-2019-11358 - https://github.com/Cl0ck21/CrowForce2021-2022 CVE-2019-11358 - https://github.com/Cl0ck21/HAL9001D-master CVE-2019-11358 - https://github.com/ClashOfCoders/UltimateGoal-2020-2021 @@ -35587,10 +35604,8 @@ CVE-2020-25515 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-25515 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-25518 - https://github.com/0xT11/CVE-POC CVE-2020-25518 - https://github.com/developer3000S/PoC-in-GitHub -CVE-2020-25518 - https://github.com/g-rubert/wordpress_DoS CVE-2020-25518 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-25518 - https://github.com/nomi-sec/PoC-in-GitHub -CVE-2020-25519 - https://github.com/g-rubert/wordpress_DoS CVE-2020-25528 - https://github.com/noobpk/noobpk CVE-2020-2553 - https://github.com/5l1v3r1/CVE-2020-2553 CVE-2020-2553 - https://github.com/nomi-sec/PoC-in-GitHub 
@@ -36078,7 +36093,9 @@ CVE-2020-27624 - https://github.com/yuriisanin/whoami CVE-2020-27626 - https://github.com/yuriisanin/whoami CVE-2020-2766 - https://github.com/0x0FB0/MiscSploits CVE-2020-27662 - https://github.com/hectorgie/PoC-in-GitHub +CVE-2020-27662 - https://github.com/indevi0us/indevi0us CVE-2020-27663 - https://github.com/hectorgie/PoC-in-GitHub +CVE-2020-27663 - https://github.com/indevi0us/indevi0us CVE-2020-27666 - https://github.com/ossf-cve-benchmark/CVE-2020-27666 CVE-2020-27685 - https://github.com/codedninja/Teradek-Livestream-Broadcaster-RCE CVE-2020-27686 - https://github.com/codedninja/Teradek-Livestream-Broadcaster-RCE @@ -39383,7 +39400,6 @@ CVE-2020-9992 - https://github.com/nitishbadole/PENTESTING-BIBLE CVE-2020-9992 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-9992 - https://github.com/phant0n/PENTESTING-BIBLE CVE-2020-9999 - https://github.com/tdcoming/CVE-2020-9999 -CVE-2021-0000 - https://github.com/m-mizutani/octovy CVE-2021-0086 - https://github.com/vusec/fpvi-scsb CVE-2021-0089 - https://github.com/JUSDJTIN/Speculative-Code-Store-Bypass-POC CVE-2021-0089 - https://github.com/vusec/fpvi-scsb @@ -39988,6 +40004,7 @@ CVE-2021-21240 - https://github.com/kaisenlinux/trivy CVE-2021-21242 - https://github.com/EdgeSecurityTeam/Vulnerability CVE-2021-21242 - https://github.com/tzwlhack/Vulnerability CVE-2021-21254 - https://github.com/engn33r/awesome-redos-security +CVE-2021-21255 - https://github.com/indevi0us/indevi0us CVE-2021-21263 - https://github.com/iBotPeaches/ctf-2021 CVE-2021-21267 - https://github.com/engn33r/awesome-redos-security CVE-2021-21269 - https://github.com/Artisan-Lab/Rust-memory-safety-bugs 
@@ -40056,6 +40073,8 @@ CVE-2021-21315 - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC CVE-2021-21315 - https://github.com/xMohamed0/CVE-2021-21315-POC CVE-2021-21317 - https://github.com/engn33r/awesome-redos-security CVE-2021-21317 - https://github.com/yetingli/PoCs +CVE-2021-21324 - https://github.com/indevi0us/indevi0us +CVE-2021-21326 - https://github.com/indevi0us/indevi0us CVE-2021-21330 - https://github.com/Bratah123/PolyBot CVE-2021-21330 - https://github.com/KOOKIIEStudios/Max_Feeder CVE-2021-21330 - https://github.com/TEAM-SPIRIT-Productions/Lapis @@ -42030,6 +42049,7 @@ CVE-2021-29386 - https://github.com/Umarovm/PowerSchool-Grade-Stealer CVE-2021-29386 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-29418 - https://github.com/DNTYO/F5_Vulnerability CVE-2021-29425 - https://github.com/raner/projo +CVE-2021-29436 - https://github.com/indevi0us/indevi0us CVE-2021-29440 - https://github.com/ARPSyndicate/cvemon CVE-2021-29440 - https://github.com/CsEnox/CVE-2021-29440 CVE-2021-29440 - https://github.com/cyllective/CVEs @@ -44286,6 +44306,8 @@ CVE-2021-41083 - https://github.com/p1ay8y3ar/cve_monitor CVE-2021-41088 - https://github.com/p1ay8y3ar/cve_monitor CVE-2021-41089 - https://github.com/ssst0n3/my_vulnerabilities CVE-2021-41089 - https://github.com/ssst0n3/ssst0n3 +CVE-2021-41139 - https://github.com/indevi0us/indevi0us +CVE-2021-41156 - https://github.com/indevi0us/indevi0us CVE-2021-41157 - https://github.com/0xInfection/PewSWITCH CVE-2021-41157 - https://github.com/p1ay8y3ar/cve_monitor CVE-2021-41157 - https://github.com/taielab/awesome-hacking-lists 
@@ -44924,6 +44946,7 @@ CVE-2021-43839 - https://github.com/sirhashalot/SCV-List CVE-2021-43848 - https://github.com/ARPSyndicate/cvemon CVE-2021-43848 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-43848 - https://github.com/p1ay8y3ar/cve_monitor +CVE-2021-43851 - https://github.com/indevi0us/indevi0us CVE-2021-43855 - https://github.com/Haxatron/Haxatron CVE-2021-43856 - https://github.com/Haxatron/Haxatron CVE-2021-43857 - https://github.com/ARPSyndicate/cvemon @@ -45777,6 +45800,8 @@ CVE-2022-24407 - https://github.com/GitHubForSnap/podcast-dl-gael CVE-2022-24693 - https://github.com/ARPSyndicate/cvemon CVE-2022-24693 - https://github.com/lukejenkins/CVE-2022-24693 CVE-2022-24693 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2022-24707 - https://github.com/indevi0us/indevi0us +CVE-2022-24708 - https://github.com/indevi0us/indevi0us CVE-2022-24954 - https://github.com/dlehgus1023/dlehgus1023 CVE-2022-24955 - https://github.com/dlehgus1023/dlehgus1023 CVE-2022-25256 - https://github.com/ARPSyndicate/cvemon diff --git a/references.txt b/references.txt index 4838051b8b..b1004237c9 100644 --- a/references.txt +++ b/references.txt @@ -10036,6 +10036,7 @@ CVE-2009-2650 - http://www.exploit-db.com/exploits/9173 CVE-2009-2655 - http://www.exploit-db.com/exploits/9253 CVE-2009-2656 - http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf CVE-2009-2660 - https://bugs.gentoo.org/show_bug.cgi?id=276235 +CVE-2009-2663 - https://bugzilla.redhat.com/show_bug.cgi?id=516259 CVE-2009-2670 - http://www.vmware.com/security/advisories/VMSA-2009-0016.html CVE-2009-2671 - http://www.vmware.com/security/advisories/VMSA-2009-0016.html CVE-2009-2672 - http://www.vmware.com/security/advisories/VMSA-2009-0016.html 
@@ -19318,6 +19319,7 @@ CVE-2014-8657 - http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E- CVE-2014-8657 - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php CVE-2014-8658 - http://packetstormsecurity.com/files/128907/Confluence-RefinedWiki-Original-Theme-Cross-Site-Scripting.html CVE-2014-8658 - http://seclists.org/fulldisclosure/2014/Oct/126 +CVE-2014-8664 - http://service.sap.com/sap/support/notes/0001810405 CVE-2014-8670 - http://packetstormsecurity.com/files/128958/vBulletin-4.2.1-Open-Redirect.html CVE-2014-8673 - http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html CVE-2014-8673 - http://seclists.org/fulldisclosure/2015/Jul/44 @@ -25200,6 +25202,7 @@ CVE-2017-1000477 - https://github.com/pravednik/xmlBundle CVE-2017-1000477 - https://github.com/pravednik/xmlBundle/issues/2 CVE-2017-1000486 - https://github.com/primefaces/primefaces/issues/1152 CVE-2017-1000486 - https://www.exploit-db.com/exploits/43733/ +CVE-2017-1000491 - https://github.com/rhysd/Shiba/issues/42 CVE-2017-1000499 - http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/ CVE-2017-1000499 - https://www.exploit-db.com/exploits/45284/ CVE-2017-1001000 - https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab @@ -37806,6 +37809,7 @@ CVE-2019-6509 - https://github.com/creditease-sec/insight/issues/42 CVE-2019-6510 - https://github.com/creditease-sec/insight/issues/42 CVE-2019-6543 - https://www.exploit-db.com/exploits/46342/ CVE-2019-6545 - https://www.exploit-db.com/exploits/46342/ +CVE-2019-6551 - http://www.securityfocus.com/bid/107031 CVE-2019-6555 - https://ics-cert.us-cert.gov/advisories/ICSA-19-050-03 CVE-2019-6588 - http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html CVE-2019-6617 - https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2019-6617.txt 
@@ -46614,4 +46618,7 @@ CVE-2022-25297 - https://snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-24072 CVE-2022-25298 - https://snyk.io/vuln/SNYK-UNMANAGED-SPRINFALLWEBCC-2404182 CVE-2022-25299 - https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180 CVE-2022-25315 - https://github.com/libexpat/libexpat/pull/559 +CVE-2022-25329 - https://www.tenable.com/security/research/tra-2022-05 +CVE-2022-25330 - https://www.tenable.com/security/research/tra-2022-05 +CVE-2022-25331 - https://www.tenable.com/security/research/tra-2022-05 CVE-2022-25375 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
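Review bot: the Vulnerability badge in every newly created file, from 2009/CVE-2009-2663.md through 2022/CVE-2022-25331.md, ends in `color=brighgreen`, which is a misspelling of the shields.io colour name `brightgreen`, so the badge will not render in the intended colour. The same string appears in all 14 new files, so the fix belongs in the template the workflow generates them from rather than in each file.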
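Review bot: the description added in 2021/CVE-2021-41156.md contradicts itself on the fixed version: it says the parameter was unchecked "in versions prior to 1.19.30.5601" and then "This has been patched in version 1.19.30.5600". Anyone using this page to decide whether an install is affected gets two different answers, so check the text against the CVE record and the vendor advisory and state one fixed version. The opening sentence also carries a stray comma ("is an, open source time tracking system").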
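Review bot: 2022/CVE-2022-25331.md names the product "Trend Micro ServerProtection 6.0/5.8" in its description, while its own badges and the sibling files CVE-2022-25329.md and CVE-2022-25330.md use "ServerProtect"; a search on the product name will miss this entry. Normalise the name. All three files also show `label=Version&message=n%2Fa` although each description states 6.0/5.8, so the Version badge could be filled from the description.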
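Review bot: github.txt and the per-CVE pages drift apart in this patch. The hunk at `@@ -45777,6 +45800,8 @@` adds CVE-2022-24707 and CVE-2022-24708, but the diffstat contains no 2022/CVE-2022-24707.md or 2022/CVE-2022-24708.md. The github.txt hunks that remove `g-rubert/wordpress_DoS` (CVE-2020-25518, CVE-2020-25519) and `m-mizutani/octovy` (CVE-2021-0000), and those that add `PAGalaxyLab/VulInfo` for the CVE-2018-168xx to CVE-2018-185xx range, likewise come with no change to any page under 2018/, 2020/ or 2021/ for those CVEs. Either regenerate the index and the pages in the same run, or add a check that fails the workflow when a CVE and URL pair exists in one place and not the other.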
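Review bot: the single URL `https://github.com/indevi0us/indevi0us` is added under the "POC" / "Github" heading for eleven different CVEs (CVE-2020-27662, CVE-2020-27663, the three GLPI entries, the four Time Tracker entries, CVE-2022-24707 and CVE-2022-24708), so it cannot be a dedicated proof of concept for each of them. A consumer that treats a non-empty Github section as "public PoC exists" will over-prioritise these entries; the `Cl0ck21/2021-2022FIxed` line added under CVE-2019-11358 raises the same question. Consider listing repositories that match many unrelated CVEs under a separate "mentions" heading, or filtering them out before the page is written.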